Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CodeHawk static analysis tool suite #140047

Open
roberth opened this issue Sep 30, 2021 · 2 comments
Open

CodeHawk static analysis tool suite #140047

roberth opened this issue Sep 30, 2021 · 2 comments
Labels
0.kind: packaging request Request for a new package to be added 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md 6.topic: ocaml

Comments

@roberth
Copy link
Member

roberth commented Sep 30, 2021

Project description

The CodeHawk Tool Suite, originally developed by Kestrel Technology, is a sound static analysis platform based on the mathematical theory of abstract interpretation developed by Patrick and Radhia Cousot. CodeHawk consists of a programming-language independent abstract interpretation engine and three language front ends [Java, C, x86]

Nixpkgs could use it to check its own C programs, such as the setuid wrappers and #124556.

For packaging it seems we'll need at least these repos:

https://github.com/static-analysis-engineering/codehawk
https://github.com/static-analysis-engineering/CodeHawk-C

This is not about the JavaScript codehawk project, which seems to be entirely unrelated, despite performing performing some kind of analysis on JS.

Metadata
@roberth roberth added 6.topic: ocaml 0.kind: packaging request Request for a new package to be added labels Sep 30, 2021
@bergkvist
Copy link
Member

My setup so far

git clone https://github.com/static-analysis-engineering/CodeHawk-C
cd CodeHawk-C

I've added shell.nix to the CodeHawk-C folder with the following content:

# Use commit from https://github.com/NixOS/nixpkgs/pull/124556 to get access to pkgs.makeBinaryWrapper
{ pkgs ? import (fetchTarball "https://github.com/bergkvist/nixpkgs/archive/4b833cc141172f88e563692f2458253212d1cf1a.tar.gz") {} }:

let
  PROJECT_ROOT = toString ./.;
in pkgs.mkShell {
  buildInputs = [
    pkgs.gcc
    pkgs.python39
    pkgs.makeBinaryWrapper
  ];
  shellHook = ''
    export PYTHONPATH="${PROJECT_ROOT}"
    export PATH="${PROJECT_ROOT}/chc/cmdline/c_file/:$PATH"
  '';
}
nix-shell --pure
[nix-shell]$ mkdir -p wrapper-test && cd wrapper-test
[nix-shell]$ makeCWrapper /some/executable > main.c
[nix-shell]$ chc_parse_file.py main.c
[nix-shell]$ chc_analyze_file.py . main.c

But I get an exception from CodeHawk-C trying to analyze a simple C-file:

Traceback (most recent call last):
  File "/Users/tobias/repos/CodeHawk-C/chc/cmdline/c_file/chc_analyze_file.py", line 157, in <module>
    capp.collect_post_assumes()
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CApplication.py", line 351, in collect_post_assumes
    self.iter_files(lambda f: f.collect_post_assumes())
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CApplication.py", line 163, in iter_files
    f(file)
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CApplication.py", line 351, in <lambda>
    self.iter_files(lambda f: f.collect_post_assumes())
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CFile.py", line 128, in collect_post_assumes
    self.iter_functions(lambda fn: fn.collect_post_assumes())
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CFile.py", line 214, in iter_functions
    f(fn)
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CFile.py", line 128, in <lambda>
    self.iter_functions(lambda fn: fn.collect_post_assumes())
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CFunction.py", line 203, in collect_post_assumes
    self.proofs.collect_post_assumes()
  File "/Users/tobias/repos/CodeHawk-C/chc/proof/CFunctionProofs.py", line 86, in collect_post_assumes
    self.spos.collect_post_assumes()
  File "/Users/tobias/repos/CodeHawk-C/chc/proof/CFunctionSPOs.py", line 68, in collect_post_assumes
    cs.collect_post_assumes()
  File "/Users/tobias/repos/CodeHawk-C/chc/proof/CFunctionCallsiteSPOs.py", line 299, in collect_post_assumes
    calleefun = cfile.capp.resolve_vid_function(cfile.index, self.callee.get_vid())
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CApplication.py", line 211, in resolve_vid_function
    return self.files[filename].get_function_by_index(tgtvid)
  File "/Users/tobias/repos/CodeHawk-C/chc/app/CFile.py", line 202, in get_function_by_index
    raise Exception('Unable to find function with global vid ' + str(index))
Exception: Unable to find function with global vid 414

The file I'm trying to analyze (makeCWrapper /some/executable):

#include <unistd.h>
#include <stdlib.h>

int main(int argc, char **argv) {
    argv[0] = "/some/executable";
    return execv("/some/executable", argv);
}

@stale
Copy link

stale bot commented Apr 17, 2022

I marked this as stale due to inactivity. → More info

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Apr 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0.kind: packaging request Request for a new package to be added 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md 6.topic: ocaml
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bergkvist @roberth